Dr. Deb Zoran is the operations supervisor of VET outreach of Texas A&M University. They coordinate animal rescue during disasters and emergencies.
John Taylor and Hannah Coffey of BOLD Planning, one of the providers of mitigation and remediation plans for organizations that do not have adequate in-house emergency planning.
Sean Scott developed the Red Guide handbooks. They are available in English and Spanish.
Michael Shanks of LRad explained that his sound output speakers will cover huge, city-sized areas with good clarity for voice notification in times of emergency.
Vanessa Forté of ProPac brought a wide range of pre-packaged emergency supplies from first aid kits to food and drink for one person or large groups.
On Thursday, May 18, at 4:00 PM, Laurel and I attended an excellent session on Insurance Fraud. The presenters were Lt. David Taylor (Compliance) and John Plent (Consumer Protection) from the Catastrophe Response Team of the Insurance Fraud unit of the Texas Department of Insurance. Just to note: The Department of Insurance is one of about 20 state agencies and departments that has its own sworn and weaponized peace officers. As explained below, when on the streets, talking to roofing contractors, he has the full law enforcement authority of any police officer in Texas.
In the aftermath of a disaster, swarms of unlicensed
contractors appear, soliciting business, and being paid with money from
insurance settlements. The work is uneven in quality. Sometimes, the “contractors”
take a “down payment” and never return. Occasionally, they take a partial
payment, do partial work, then leave, with a promise to return, which puts the
matter out of the criminal law and into civil law.
The TDI catastrophe teams help people work with insurance
adjusters; and they can assist insurance companies in the field. They work with consumers to
help with insurance claims. Lt. Taylor and Mr. Plent come to your town to mitigate (and ideally prevent) violations and victimizations. They start by meeting with
city officials. They acknowledge that after a severe storm which has taken lives,
mitigating insurance fraud might not seem highly important. However, they have
found law enforcement and other city officials to be very helpful. If the city
has regulations, they say, then make sure that all solicitors are registered
and licensed. Drive the streets; and where you see roofers working or knocking
on doors, ask to see their papers. Municipalities should run background checks
for outstanding warrants and sex offender registration. Their primary advice
to homeowners is to never accept a
solicitation. You, the customer, should drive the process by seeking out
reputable companies and getting competitive bids.
We have no state-level licensing of contractors here in Texas. However,
we do have the Roofing Contractors Association of Texas and the Building Officials Association of Texas (BOAT at www.boatx.org). In
fact, BOAT was one of the vendors at the TDEM conference.
Read about the fraud team here
Watch one of their videos here.
At 2:30 PM on May 18, Laurel and I attended a disjointed,
lackluster session on cyber security.
Despite our abiding professional involvement in computer security, this
one put us both to sleep. The presenter was David Morgan (CISSP, CNSS NSA
Security), who is a cybersecurity officer and information security manager at the
Texas Department of Public Safety. He certainly seemed well qualified from his
time in the Marine Corps to his experience as a visiting professor at several
colleges and universities. The bottom line is that the content of his
presentation did not meet the criteria set by the title of his talk, "Cyber Security - A Critical Component for Emergency Management."
Everything we do in response to a disaster or a community event depends on computers, from smartphones to laptops. To coordinate our efforts, we bring WebEOC into community shelters. Some at this conference had special responsibilities for the emergency bands such as TICP (Texas Interoperability Communication Package) and MARS (Military Affiliate Radio System). David Morgan did not tell us how to secure any of them, or how to detect an intrusion.
Laurel and I were most interested in knowing about how computer hackers have disrupted emergency response. Aside from mentioning the recent incident in Dallas -- (Dallas Morning News here among very many others) -- in which the weather sirens sounded at midnight, he had nothing to say.
Hackers have been changing traffic lights since at least
2003, though the ability to do so was known in the 1980s. (See Wired from 2005 here.) Recently, the Surprise, Arizona, city 911 was taken out by a hacker. (See Washington Times story here.) Bear in mind, though, that the infamous
“Operation Sundevil” from 1990, which alleged that hackers had broken into the
nationwide 911, was exposed and disgraced.
(See “Operation Sundevil”
in Wikipedia here and “Jefferson in Mirrorshades” in a hacker archive here.) None of that was in this presentation.
David Morgan did allude to the existence of viruses, worms, trojans, and spyware, but did not differentiate among them, or tell us how to detect, mitigate, remediate, or prevent them. He did say that the Macintosh operating system is easily given to viruses because it is based on Unix, which is the operating system in which viruses were invented. David Morgan defined “Zero day” as the source of unknown vulnerabilities. He explained a “root kit” by saying that if you are “root” then you own the system.
All of that being as it may, I personally benefited by
learning about Shodan.io. Coming to work the next day, I visited the site,
read about it on Wikipedia, and made a note to myself to follow up.